Clients get deauthenticated and have to authenticate again

I have a WLC 3750 and 41 APs. Clients get authenticated by Web Authentication and the internal login-page of the WLC. Actually everything works fine but sometimes clients have to reauthenticate during a session, i.e. they get redirected to the login-page and have to type in their username and their password again. It happens during an active session so there's not idle-time or anything like this.

I took a look on the WLC 3750 and as far as I understand it, everytime the client switches to another AP because of a better connection is has to reauthenticate again.

I don't know if I'm right but it sounds like a possible solution for me. If this is the problem is there any way to solve it? So I want clients to stay authenticated also after switching to another AP.

thanks for your answer! When I login to the GUI of the WLC 3750 it says "Default mobility group" : wlan . So I guess WLC 3750 supports mobility group.

We also do have a RADIUS Server in combination with a 802.1x authentication. If people authenticate with this RADIUS server they can move and switch the APs without having to login again. But not all of the people are able to use this RADIUS Server so we also need the web authentication.

The thing is that I'm not even sure if the issue "switch to another ap" is the real problem. Maybe it's a complete other problem.

Am I really the only one who has trouble with clients getting deauthenticated while being active?